Date: 2025-10-01

Kaspersky has sounded the alarm on the rapid evolution of phishing attacks, warning that artificial intelligence (AI) is transforming the scale and sophistication of online deception.

In its latest report, the cybersecurity firm revealed it had blocked over 142 million phishing link clicks worldwide in the second quarter of 2025, a 3.3 per cent increase globally and a staggering 25.7 per cent rise in Africa compared to the previous quarter. Phishing, once dominated by crude scam emails riddled with grammatical errors, is now being redefined by AI-powered deception.

Criminals are leveraging large language models to create convincing messages, websites, and even human-like bots capable of holding extended conversations with victims. These bots, often deployed on social media and messaging platforms, play a key role in romance scams, fake investment schemes, and fraudulent promotions, frequently reinforced by AI-generated audio clips or deepfake videos.

Attackers are also using AI to impersonate trusted figures, from colleagues and celebrities to bank officials, in realistic voice calls and videos. Some schemes feature fake bank security calls generated with cloned voices, tricking users into handing over two-factor authentication codes that allow account takeovers.

Publicly available data from social media and corporate websites is being mined to tailor highly targeted attacks, including HR-themed phishing emails and phone calls that reference personal or professional details.

To evade detection, cybercriminals are increasingly exploiting legitimate platforms. Telegram’s Telegraph service, designed for publishing long text posts, has been misused to host phishing content, while Google Translate’s URL structure is being manipulated to disguise malicious links as authentic translation pages.

Attackers are even incorporating CAPTCHA verification into phishing sites to mimic trusted security mechanisms, reducing the likelihood of being flagged by anti-phishing systems.

Perhaps most concerning is a shift in what attackers are targeting. While stolen logins and passwords remain valuable, the focus has expanded to biometric data and signatures — forms of identity that are far harder, if not impossible, to change once compromised. Fraudulent sites now request camera access under the guise of account verification, capturing facial or other biometric identifiers.

Meanwhile, phishing campaigns impersonating digital signing platforms such as DocuSign trick users into uploading electronic or handwritten signatures. Both forms of data can be exploited for unauthorized access to sensitive accounts or sold on underground markets, creating long-term risks for individuals and businesses.

“The convergence of AI and evasive tactics has turned phishing into a near-native mimic of legitimate communication, challenging even the most vigilant users,” said Olga Altukhova, security expert at Kaspersky. “Attackers are no longer satisfied with stealing passwords — they’re targeting biometric data, electronic and handwritten signatures, potentially creating devastating, long-term consequences. By exploiting trusted platforms like Telegram and Google Translate, and co-opting tools like CAPTCHA, attackers are outpacing traditional defenses.”

The report also highlights an earlier 2025 campaign dubbed Operation ForumTroll, in which attackers invited media outlets, government bodies, and academic institutions to the “Primakov Readings” forum via personalized phishing emails.

Victims who clicked the links were instantly compromised through an exploit targeting a then-unknown vulnerability in Google Chrome. To avoid detection, the malicious links were active only briefly before redirecting to the genuine conference website.

Kaspersky urges users to remain vigilant against increasingly convincing phishing schemes, advising them to verify the authenticity of unsolicited messages, calls, or requests, remain cautious about camera access permissions, and avoid uploading signatures to unverified platforms. The company also recommends its Kaspersky Next solution for businesses and Kaspersky Premium for individuals as added layers of defense.